By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Research from the company has found that cross site scripting is beginning to appear on social networking sites, blogs and forums.

Roy Hills, technical director at NTA Monitor, said, “Attackers are creating websites in which they embed malicious code to track a visitor’s searches, usernames and passwords. The code can affect a visitor’s PC without their knowledge and can quickly spread to other visitors’ machines.”

Cross site script can occur when information submitted by users is not properly stripped of HTML tags, enabling an attacker to embed malicious code on a website, Hill said. “When the website is accessed, the code will execute code in a user’s browser.

"A user may be redirected to a fake website or have their login or user information compromised. In the worst cases, users’ computers can be compromised.”

According to NTA Monitor it can be difficult to identify the malicious code, as browsers do not currently identify malware.

To avoid being caught Hills suggested IT directors ensure that staff install, run and update anti-spyware and anti-malware programs and undertake regular penetration testing. He also recommended businesses consider control of URLs through web filtering

Vote for your IT greats

Who have been the most influential people in IT in the past 40 years? The greatest organisations? The best hardware and software technologies? As part of Computer Weekly’s 40th anniversary celebrations, we are asking our readers who and what has really made a difference?

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy